Context Navigation

Summary

Shibboleth is an implementation of web-based single sign-on (see "How it works" below).

It is only for web applications, and requires configuration by both institutions (such as UW and FHCRC) and resource providers (such as
ITHS). However, it uses existing web standards so this configuration should not require extensive customization of application code. All
major platforms (Windows, Linux, Java, etc) are supported.

The big advantage is that users provide their existing username and password to their own institution, which eliminates the need for
maintenance of additional usernames and eases some privacy worries.

After the user provides a username and password, the institution redirects the user back to the website. In the background, the user now has credentials (username and possibly status such as "faculty")

The website sees the embedded username (REMOTE_USER) and displays "Welcome joshuadf@…" without requiring any additional password.

Issues

Some institutions do not want to provide actual usernames for privacy reasons, so instead provide a token such as "adfead1a2d90a966ef0a69071a2df31b@…"

Some applications such as Microsoft's Sharepoint run in a limited mode for non-local users

Smaller institutions or private practices do not have the resources to set up a Shibboleth Identity Provider. As a workaround these
users will need to use a free public provider such as ProtectNetwork? or be granted UW credentials

UW does not currently have extensive guides for Shibboleth like it does for pubcookie, but probably will in the future